[stunnel-users] Web browsing over stunnel

Josealf.rm josealf at rocketmail.com
Fri Nov 3 13:21:49 CET 2017


It’s because the web site GETs a request for http://127.0.0.1/ not for http://www.stunnel.org/

Just as an academic exercise, you may want to add this line to your hosts file (usually in \windows\system32\drivers\etc\hosts):

127.0.0.1 www.stunnel.net

Then change your connect line to the IP address of www.stunnel.net (now 104.239.213.7 or 198.105.254.11).

And test again.

Saludos
Jose Alfredo Diaz
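
The Host-header mismatch described in this reply, reproduced offline as an added example (not code from the thread or from stunnel). stunnel relays the HTTP bytes unchanged, so a constructed local listener stands in here for the tunnel plus the remote name-based virtual host; `KNOWN_VHOSTS`, `VhostHandler`, `fetch_status` and `demo` are names made up for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the remote web server: it serves a site only when
# the Host header names a virtual host it knows (hostnames and IPv4 only).
KNOWN_VHOSTS = {"www.stunnel.org"}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Strip an optional :port, then match the name against the vhost table.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        status = 200 if host in KNOWN_VHOSTS else 404
        body = f"{status} for Host {host!r}\n".encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_status(port, host_header):
    """GET / from the listener on 127.0.0.1:port, sending the given Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        # skip_host stops http.client from adding its own Host: 127.0.0.1:port
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def demo():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        as_browser = fetch_status(port, f"127.0.0.1:{port}")  # Host taken from the URL typed
        as_site = fetch_status(port, "www.stunnel.org")       # Host the site is served under
    finally:
        server.shutdown()
        server.server_close()
    return as_browser, as_site

if __name__ == "__main__":
    print(demo())
```

The same TCP endpoint answers 404 or 200 depending only on the Host header, which is why the TLS handshake in the quoted log succeeds while the page is not found.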



> On Nov 2, 2017, at 7:30 AM, Osvald Brko <bflmpsvz at hotmail.com> wrote:
> 
> Hello,
> I try to use stunnel for web browsing (https), and I am not successful. (While mail client against IMAP server works fine).
> Can anybody give me a hint what to try?
> 
> The situation:
> Windows XP SP3, MSIE 8 (or Firefox 43.0.1. for check), stunnel 5.42
> 
> stunnel.conf :
> 
> debug = 7
> [https_test]
> client = yes
> accept = 127.0.0.1:8888
> connect = www.stunnel.org:443
> 
> http://127.0.0.1:8888/   ->  Error HTTP 404 Not Found
> 
> 2017.11.02 13:01:50 LOG7[main]: Running on Windows 5.1
> 2017.11.02 13:01:50 LOG7[main]: No limit detected for the number of clients
> 2017.11.02 13:01:50 LOG5[main]: stunnel 5.42 on x86-pc-msvc-1500 platform
> 2017.11.02 13:01:50 LOG5[main]: Compiled/running with OpenSSL 1.0.2l-fips  25 May 2017
> 2017.11.02 13:01:50 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
> 2017.11.02 13:01:50 LOG7[main]: errno: (*_errno())
> 2017.11.02 13:01:50 LOG7[ui]: GUI message loop initialized
> 2017.11.02 13:01:50 LOG7[main]: Running on Windows 5.1
> 2017.11.02 13:01:50 LOG5[main]: Reading configuration from file stunnel.conf
> 2017.11.02 13:01:50 LOG5[main]: UTF-8 byte order mark detected
> 2017.11.02 13:01:50 LOG5[main]: FIPS mode disabled
> 2017.11.02 13:01:50 LOG7[main]: Compression disabled
> 2017.11.02 13:01:50 LOG7[main]: PRNG seeded successfully
> 2017.11.02 13:01:50 LOG6[main]: Initializing service [XXXXXX-imap]
> 2017.11.02 13:01:50 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
> 2017.11.02 13:01:50 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)
> 2017.11.02 13:01:50 LOG7[main]: No certificate or private key specified
> 2017.11.02 13:01:50 LOG6[main]: Initializing service [https_test]
> 2017.11.02 13:01:50 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
> 2017.11.02 13:01:50 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)
> 2017.11.02 13:01:50 LOG7[main]: No certificate or private key specified
> 2017.11.02 13:01:50 LOG4[main]: Service [https_test] needs authentication to prevent MITM attacks
> 2017.11.02 13:01:50 LOG5[main]: Configuration successful
> 2017.11.02 13:01:50 LOG7[main]: Listening file descriptor created (FD=236)
> 2017.11.02 13:01:50 LOG7[main]: Service [XXXXXX-imap] (FD=236) bound to 127.0.0.1:143
> 2017.11.02 13:01:50 LOG7[main]: Listening file descriptor created (FD=260)
> 2017.11.02 13:01:50 LOG7[main]: Service [https_test] (FD=260) bound to 127.0.0.1:8888
> 2017.11.02 13:01:50 LOG7[cron]: Cron thread initialized
> 2017.11.02 13:02:11 LOG7[main]: Found 1 ready file descriptor(s)
> 2017.11.02 13:02:11 LOG7[main]: FD=236 ifds=r-x ofds=---
> 2017.11.02 13:02:11 LOG7[main]: FD=248 ifds=r-x ofds=---
> 2017.11.02 13:02:11 LOG7[main]: Service [https_test] accepted (FD=304) from 127.0.0.1:3424
> 2017.11.02 13:02:11 LOG7[main]: Creating a new thread
> 2017.11.02 13:02:11 LOG7[main]: New thread created
> 2017.11.02 13:02:11 LOG7[0]: Service [https_test] started
> 2017.11.02 13:02:11 LOG7[0]: Option TCP_NODELAY set on local socket
> 2017.11.02 13:02:11 LOG5[0]: Service [https_test] accepted connection from 127.0.0.1:3424
> 2017.11.02 13:02:11 LOG6[0]: s_connect: connecting 207.192.69.165:443
> 2017.11.02 13:02:11 LOG7[0]: s_connect: s_poll_wait 207.192.69.165:443: waiting 10 seconds
> 2017.11.02 13:02:11 LOG5[0]: s_connect: connected 207.192.69.165:443
> 2017.11.02 13:02:11 LOG5[0]: Service [https_test] connected remote server from XX.XXX.XXX.XXX:3425
> 2017.11.02 13:02:11 LOG7[0]: Option TCP_NODELAY set on remote socket
> 2017.11.02 13:02:11 LOG7[0]: Remote descriptor (FD=320) initialized
> 2017.11.02 13:02:11 LOG6[0]: SNI: sending servername: www.stunnel.org
> 2017.11.02 13:02:11 LOG6[0]: Peer certificate not required
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): before/connect initialization
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read server hello A
> 2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
> 2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
> 2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
> 2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
> 2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
> 2017.11.02 13:02:11 LOG6[0]: Client certificate not requested
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read server done A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 write finished A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 flush data
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read server session ticket A
> 2017.11.02 13:02:11 LOG7[0]: TLS state (connect): SSLv3 read finished A
> 2017.11.02 13:02:11 LOG7[0]:      1 client connect(s) requested
> 2017.11.02 13:02:11 LOG7[0]:      1 client connect(s) succeeded
> 2017.11.02 13:02:11 LOG7[0]:      0 client renegotiation(s) requested
> 2017.11.02 13:02:11 LOG7[0]:      0 session reuse(s)
> 2017.11.02 13:02:11 LOG6[0]: TLS connected: new session negotiated
> 2017.11.02 13:02:11 LOG7[0]: Peer certificate was cached (7519 bytes)
> 2017.11.02 13:02:11 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
> 2017.11.02 13:02:11 LOG7[0]: Compression: null, expansion: null
> 2017.11.02 13:02:16 LOG7[0]: TLS alert (read): warning: close notify
> 2017.11.02 13:02:16 LOG6[0]: TLS closed (SSL_read)
> 2017.11.02 13:02:16 LOG7[0]: Sent socket write shutdown
> 2017.11.02 13:02:21 LOG3[0]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
> 2017.11.02 13:02:21 LOG5[0]: Connection reset: 565 byte(s) sent to TLS, 399 byte(s) sent to socket
> 2017.11.02 13:02:21 LOG7[0]: Remote descriptor (FD=320) closed
> 2017.11.02 13:02:21 LOG7[0]: Local descriptor (FD=304) closed
> 2017.11.02 13:02:21 LOG7[0]: Service [https_test] finished (0 left)
> 2017.11.02 13:02:50 LOG6[cron]: Executing cron jobs
> 2017.11.02 13:02:50 LOG6[cron]: Cron jobs completed in 0 seconds
> 2017.11.02 13:02:50 LOG7[cron]: Waiting 86400 seconds
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
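
The quoted log also shows that the [https_test] tunnel never authenticates the server. The following added example (not part of the thread or of stunnel; `unverified_services` is a hypothetical helper) scans a stunnel debug log for those messages and attributes per-connection lines to their service through the worker thread id. The sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the debug log quoted above, used as sample input.
SAMPLE_LOG = """\
2017.11.02 13:01:50 LOG6[main]: Initializing service [XXXXXX-imap]
2017.11.02 13:01:50 LOG7[main]: No certificate or private key specified
2017.11.02 13:01:50 LOG6[main]: Initializing service [https_test]
2017.11.02 13:01:50 LOG4[main]: Service [https_test] needs authentication to prevent MITM attacks
2017.11.02 13:02:11 LOG7[0]: Service [https_test] started
2017.11.02 13:02:11 LOG6[0]: SNI: sending servername: www.stunnel.org
2017.11.02 13:02:11 LOG6[0]: Peer certificate not required
2017.11.02 13:02:11 LOG6[0]: Certificate verification disabled
2017.11.02 13:02:11 LOG6[0]: TLS connected: new session negotiated
"""

# Optional "> " quote prefix, date, time, LOG<level>[<thread>]: <message>
LINE = re.compile(r"^(?:>\s*)?\S+ \S+ LOG(\d)\[([^\]]+)\]: (.*)$")
SERVICE = re.compile(r"Service \[([^\]]+)\]")
UNVERIFIED = ("needs authentication to prevent MITM attacks",
              "Peer certificate not required",
              "Certificate verification disabled")

def unverified_services(log_text):
    """Map service name -> set of log messages showing the peer is not authenticated."""
    findings = defaultdict(set)
    thread_service = {}  # worker thread id -> service it is handling
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _level, thread, msg = m.groups()
        named = SERVICE.search(msg)
        if named and msg.endswith("started"):
            thread_service[thread] = named.group(1)
        # Startup warnings name the service; per-connection lines carry only the thread id.
        service = named.group(1) if named else thread_service.get(thread)
        for marker in UNVERIFIED:
            if marker in msg and service:
                findings[service].add(marker)
    return dict(findings)

if __name__ == "__main__":
    print(unverified_services(SAMPLE_LOG))
```

A service reported here is corrected in stunnel.conf by enabling `verifyChain = yes` with a `CAfile`, plus `checkHost` set to the expected server name.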



